[secdir] SECDIR Review of draft-ietf-extra-sieve-action-registry-04
Donald Eastlake <d3e3e3@gmail.com> Mon, 21 November 2022 03:18 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D602EC14CEE5; Sun, 20 Nov 2022 19:18:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.844
X-Spam-Level:
X-Spam-Status: No, score=-1.844 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JXD9Ki3CJscK; Sun, 20 Nov 2022 19:18:06 -0800 (PST)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34F1BC14F74C; Sun, 20 Nov 2022 19:18:03 -0800 (PST)
Received: by mail-ej1-x632.google.com with SMTP id f18so25638897ejz.5; Sun, 20 Nov 2022 19:18:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=QPU2Btd2GbTEMqO/vHUMn14jOl/w/uc2I0xAFxbaOJg=; b=DgBtkCNFv75Z8RjNDvPAf++I08JEJkPJ2SScCKLjC/vkLHxJ+rX+nszNd6ZTnwcQ9S h1p3XORt6u4D4+rD4xZ+qmG/b/jN37vGaXJInd64S7dqs8pZmLgqxkHqr4Y3qigdAVDL Zp7zccNtfSNOpf1f7DggJs0g6SfVsP83WLkvo1AWGg+gw0WrIGquRLj/IjjRb4zsnT9j SavZXN4c0wMiN64zY3k25LuxUfaXOWu2aX9UDACqWe0KSMkIkfCmRW0Irwu2Cd33PyZK Kc7SyZwqGodoY2/zhxuY8lEfERNABfGpk1lqy8Bn34DA5xKGyKwe2KVmTorfFecK9clC hIUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=QPU2Btd2GbTEMqO/vHUMn14jOl/w/uc2I0xAFxbaOJg=; b=STN7USigMvWVbSdELlHmw+KDF05rJmSi4TnwwYDU6cOuRSphhtjasJhfnNDKKV3W8t oXlclKofBiuNU7sQkH+vFLkLwZe8wBlHNbHQwufMTh7x47sZ2RNCo7XeX5MpYQl87l62 en92d2I/C0QppM0TYowasxMkBfKUnHvg5fXOENcKeqEXcILuoiIsxJ/PpYTioeBCigd6 5bmxzLgCPvSO3ET4650p1I0PtPYqvNDLAWNHPDwezLsIhnlT+89CRkLJD1H6sE5RVvLO PRQaiQEQpmbB5a1+b1h9QsGK+xEr1UOD+B/NOS6k8QPOWAlLWkxRu32yLu7xv6nsGX9U 44Kw==
X-Gm-Message-State: ANoB5pk5JGYP5EpP0ARbKVqRohwFmKUURXTlnMzCw4tDKKi+7L5pK7bm tJizA/zIi83uzGEX9JTiOrZs+YOURr/mmfwx4VMzq+lKl3s=
X-Google-Smtp-Source: AA0mqf4+V6J0iTbjpg9RI3YkIXW+kJrlZtFMdcrGfbZxeBwcQ52cAV2tzQEqZcyfIbrI6Pal3NcSq9Jwm03ZlMhZPKI=
X-Received: by 2002:a17:907:9c0a:b0:7ae:1e53:8dd4 with SMTP id ld10-20020a1709079c0a00b007ae1e538dd4mr13505765ejc.42.1669000680059; Sun, 20 Nov 2022 19:18:00 -0800 (PST)
MIME-Version: 1.0
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 20 Nov 2022 22:17:48 -0500
Message-ID: <CAF4+nEGxyfVN9qOjcOC5dLLO_tXm_TrEah9F4X1tXNUPOhnBEw@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>
Cc: secdir <secdir@ietf.org>, Last Call <last-call@ietf.org>, draft-ietf-extra-sieve-action-registry.all@ietf.org
Content-Type: multipart/alternative; boundary="000000000000aa36b305edf280a7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/uaJxxPbySrqqN8YlqiRalHFSCgc>
Subject: [secdir] SECDIR Review of draft-ietf-extra-sieve-action-registry-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Nov 2022 03:18:11 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Has a Issue. Sieve Email Filtering Language [RFC5228] is an email filtering language used upon final mail delivery. This document creates a registry of Sieve actions in order to help developers and Sieve extension writers track interactions between different extensions. *Minor Issues* Since this document is mostly setting up a tabular IANA Registry, the Security Considerations do not need to be that extensive. Nevertheless, it seems likely that there are some security considerations lurking in the interactions of different actions. If these security considerations are presented adequately in the many RFCs referenced in the Initial Sieve Action Registry, then it should be adequate to just add a sentence to the Security Considerations section something like "For the Security Considerations of particular actions, see the RFC(s) referenced for that action in the Initial Sieve Action Registry in Section 2.2." If those RFCs do not adequately cover it, then more material should be added in this document. The one sentence Abstract seems inadequate to me. In my opinion, it needs more context. At a minimum I suggest copying the first sentence of the Introduction and make it also be the first sentence of the Abstract. (Since that sentence has the same RFC reference as the current one sentence Abstract, one of the two references can be removed from the Abstract.) *Nits* See https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-extra-sieve-action-registry-04.txt (For some reason the nits checker reports that there are many, many entries in the References sections that are not used in the document. But this seems to be a problem with the nits checker since a few I checked really are used in the document.) The Initial Sieve Action Registry table is too wide by about 24 columns for there to be a valid .txt version. This might be difficult but here are a few initial suggestions: - Decrease the indent for the table by 3 so it is flush left. - Since none of the entries have anything in the Comments column, eliminate that column and add text explaining this. (Alternatively, if that is too radical, you could put the header word "Comments" vertically so it is only one character wide.) - Since all the entries in the "Capabilities" column have double quotes around them, drop the double quotes. - The entries in the "Cancels Implicit Keep?" and "Can Use with IMAP Events?" columns are pretty narrow so you could narrow those columns by narrowing their headers. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com
- [secdir] SECDIR Review of draft-ietf-extra-sieve-… Donald Eastlake
- Re: [secdir] SECDIR Review of draft-ietf-extra-si… Alexey Melnikov
- Re: [secdir] SECDIR Review of draft-ietf-extra-si… Donald Eastlake